Not exactly netflow until you set it up as such, but Graylog2 and LogStash are OSS. Also, I'll probably be releasing modules and a simple evented (POE) program in Perl soon (don't wait up if you can't deal with code - it ain't and ain't going to be a web app but a simple framework mainly for the simplest and fastest parsing regexes). But all of the modern log aggregation software uses ElasticSearch as a data store which makes correlation / netflow pretty easy.

On May 14, 2013 9:20 PM, "Joe Loiacono" <jloiacon@csc.com> wrote:
Check out the FlowViewer/flow-tools/SiLK combo also.
https://sourceforge.net/projects/flowviewer/
Erik Sundberg <ESundberg@nitelusa.com> wrote on 05/14/2013 06:59:32 PM:
From: Erik Sundberg <ESundberg@nitelusa.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: 05/14/2013 07:00 PM
Subject: Looking for Netflow analysis package

Does anyone know of a netflow collector that will do the following.
* Graph/List Destination Networks By Top AS
* Graph/List Destination Networks By Top IP Address
* AS Path Analysis
* Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc.)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats (https://neon1.net/as-stats/), which looks promising from the PowerPoint on their page.
Thanks,
Erik